The answer to the first question is "it depends". At bandwidths that Your ISP can easily handle, the answer is probably no, their equipment is better placed and probably of a higher grade, so it is better to handle the DDoS protection there, and just put some "of sound mind" sort of things on Your end to handle small-scale stuff that may no even trigger detection thresholds at the ISP.

Now on the other hand, if you are in a large hosted environment like a server hotel hooked up directly to an Internet Exchange, or are handling huge amounts of traffic in a datacenter, maybe even function as a traffic concentrator for a larger MAN/WAN/GAN, then it does make sense to have an own solution for the purpose of DDoS protection and maybe firewalling integrated with it. At 10G and higher traffic links and/or several 100s of thousands of RPS on NORMAL traffic, You would probably want to know exactly what You are working with, what's happening to it, and eliminate the delays with having an external entity manage the service.

Cost-wise, You have to measure cost vs. potential risk and loss of income if You don't have these, and this calculation will almost always happen to bring You into the 6-digit range in a year at least (USD), as there are significant costs associated with procuring/implementing/operating/supporting such devices. So if you are far beneath that range budget-wise or traffic-wise, don't bother, go with the managed service of the ISP.

As for the second question, at first thought there is A10 Networks who have several appliances up to N*40Gb bandwidth for both dedicated DDoS protection and integrated into an application firewall/load balancer, and Cisco's Guard XT series is also an option if You are playing in this league. Ctrix's Netscalers are balancers /ALGs that can help You with DDoS-protection for certain protocols, but these are not really dedicated security devices.

If you just want to go for "something", or build something small-scale, then You coul do some testing with say Aache mod_security on an OpenBSD or FreeBSD with pf, these are working fine on a small scale and are cheap to build and maintain, but You'll probably end up managing them Yourself and bear in mind, community support is nothing compared to what a large vendor will provide.

Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.